Self-signed Certificates

This section describes how to configure the application to interact with services utilising self-signed certificates.

  1. Open the build.gradle.kts file of the "core-logic" module.
  2. In the 'dependencies' block add the following two:

     ```Gradle
     implementation(libs.ktor.android)
     implementation(libs.ktor.logging)
     ```
  3. Now, you need to create a new Kotlin file ProvideKtorHttpClient.kt and place it into the src\main\java\eu\europa\ec\corelogic\config package.
  4. Copy and paste the following code into your newly created ProvideKtorHttpClient.kt file.

     ```Kotlin
     import android.annotation.SuppressLint
     import io.ktor.client.HttpClient
     import io.ktor.client.engine.android.Android
     import io.ktor.client.plugins.logging.Logging
     import java.security.SecureRandom
     import java.security.cert.CertificateException
     import javax.net.ssl.HostnameVerifier
     import javax.net.ssl.SSLContext
     import javax.net.ssl.TrustManager
     import javax.net.ssl.X509TrustManager

     object ProvideKtorHttpClient {

         @SuppressLint("TrustAllX509TrustManager", "CustomX509TrustManager")
         fun client(): HttpClient {
             // Trust manager that accepts every certificate chain without validation.
             val trustAllCerts = arrayOf<TrustManager>(
                 object : X509TrustManager {
                     @Throws(CertificateException::class)
                     override fun checkClientTrusted(
                         chain: Array<java.security.cert.X509Certificate>,
                         authType: String
                     ) {
                     }

                     @Throws(CertificateException::class)
                     override fun checkServerTrusted(
                         chain: Array<java.security.cert.X509Certificate>,
                         authType: String
                     ) {
                     }

                     override fun getAcceptedIssuers(): Array<java.security.cert.X509Certificate> {
                         return arrayOf()
                     }
                 }
             )

             return HttpClient(Android) {
                 install(Logging)
                 engine {
                     sslManager = { httpsURLConnection ->
                         // Use the trust-all manager for this connection.
                         httpsURLConnection.sslSocketFactory = SSLContext.getInstance("TLS").apply {
                             init(null, trustAllCerts, SecureRandom())
                         }.socketFactory
                         // Accept any hostname, whatever the certificate says.
                         httpsURLConnection.hostnameVerifier = HostnameVerifier { _, _ -> true }
                     }
                 }
             }
         }
     }
     ```
  5. Also, add this custom HttpClient to the EUDI Wallet provider function *provideEudiWallet* located in *LogicCoreModule.kt*.

     ```Kotlin
     @Single
     fun provideEudiWallet(
         context: Context,
         walletCoreConfig: WalletCoreConfig,
         walletCoreLogController: WalletCoreLogController
     ): EudiWallet = EudiWallet(context, walletCoreConfig.config) {
         withLogger(walletCoreLogController)
         // Custom HttpClient
         withKtorHttpClientFactory {
             ProvideKtorHttpClient.client()
         }
     }
     ```
  6. Finally, you need to use the preregistered clientId scheme instead of X509.

Change this:

```Kotlin
withClientIdSchemes(
    listOf(ClientIdScheme.X509SanDns)
)
```

into something like this:

```Kotlin
withClientIdSchemes(
    listOf(
        ClientIdScheme.Preregistered(
            preregisteredVerifiers = listOf(
                PreregisteredVerifier(
                    clientId = "Verifier",
                    legalName = "Verifier",
                    verifierApi = "https://10.0.2.2"
                )
            )
        )
    )
)
```
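
The client from step 4 accepts every certificate and every hostname. As an added example (not the project's own code), the variant below trusts only the service's own self-signed certificate and keeps hostname verification; the object name `ProvidePinnedKtorHttpClient`, the `certStream` parameter and the key store alias are assumptions.

```Kotlin
import io.ktor.client.HttpClient
import io.ktor.client.engine.android.Android
import io.ktor.client.plugins.logging.Logging
import java.io.InputStream
import java.security.KeyStore
import java.security.cert.CertificateFactory
import javax.net.ssl.SSLContext
import javax.net.ssl.TrustManagerFactory

// Added example, not part of the project: the object name and the way the
// certificate is supplied are assumptions.
object ProvidePinnedKtorHttpClient {

    // certStream: the service's self-signed certificate in PEM or DER form,
    // e.g. opened from a file bundled with a debug build (assumption).
    fun client(certStream: InputStream): HttpClient {
        val certificate = certStream.use {
            CertificateFactory.getInstance("X.509").generateCertificate(it)
        }

        // In-memory key store holding only that certificate as a trust anchor.
        val keyStore = KeyStore.getInstance(KeyStore.getDefaultType()).apply {
            load(null, null)
            setCertificateEntry("self-signed-service", certificate)
        }

        val trustManagers = TrustManagerFactory
            .getInstance(TrustManagerFactory.getDefaultAlgorithm())
            .apply { init(keyStore) }
            .trustManagers

        // Build the socket factory once instead of once per connection.
        val socketFactory = SSLContext.getInstance("TLS")
            .apply { init(null, trustManagers, null) }
            .socketFactory

        return HttpClient(Android) {
            install(Logging)
            engine {
                sslManager = { httpsURLConnection ->
                    httpsURLConnection.sslSocketFactory = socketFactory
                    // hostnameVerifier stays at its default, so the certificate
                    // must list the host (e.g. the IP address) in its SAN.
                }
            }
        }
    }
}
```

It plugs into step 5 the same way through `withKtorHttpClientFactory`, opening a fresh stream for the certificate on each call.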